EEA Privacy Notice


This Privacy Notice is intended to provide information about our organisation and our practices with respect to the personal data of individuals in the EEA. (8 January 2024)

1. Introduction


In respect of personal data collected or otherwise processed by using our website and/or by using our webshop, Voyetra Turtle Beach Inc. and Turtle Beach Europe Limited will be joint ‘controllers’ (Article 26 GDPR). As described below, there are specific situations where only one of the two companies will be the sole controller.


Contact information:


Voyetra Turtle Beach, Inc.

44 S Broadway, 4th Floor

White Plains, NY 10601, USA

e-mail: privacy@turtlebeach.com


and


Turtle Beach Europe Limited

1st Floor (North Wing), Central 40,

Chineham Park, Basingstoke,

Hampshire,

RG24 8GU, UK

e-mail: privacy@turtlebeach.com


A data controller is responsible for deciding the ways in which and purposes for which personal data about you is processed. We may process your personal data ourselves or through others acting as data processors on our behalf.


Throughout this notice, ‘we’ and ‘us’ means Voyetra Turtle Beach, Inc. and Turtle Beach Europe Ltd., if not otherwise stated in this Policy.


Our representative in the EEA is:


TB Germany GmbH

Otto von Bahrenpark

Gasstrasse 4

22761 Hamburg, Germany

Fax: +49 (0)40 30 99 495 123

Email: privacy@turtlebeach.com


The Data Protection Officer for our representative is:

Dr. Christian Rauda

GRAEF Rechtsanwälte Digital PartG mbB

Jungfrauenthal 8

E-Mail: datenschutzbeauftragter@TBGermany.de

Website: www.graef.eu


‘Personal data’ means any information relating to you, such as your name and contact details, but does not include data where you can no longer be identified from it such as anonymised, aggregated data


If you have any questions about this Privacy Notice, you can contact us at privacy@turtlebeach.com. If you would like to exercise your data privacy rights as applicable to your location of residence, please provide us with the applicable information via our Privacy Request Form so we can process your request. 

2. What personal data may we process about you and what do we use it for?


The EU General Data Protection Regulation (“GDPR”) specifies certain ‘legal bases’ for the processing of your personal data . The personal data that we may collect about you and the purposes for which such personal data will be used, as well as the legal basis for such processing are explained in this section.


This website is not targeted at users under the age of 18. If you are under the age of 18, you should not visit this site and, in particular, should not submit any personal data to us.

If you place an order through our website (webshop)


As mentioned, we (Voyetra Turtle Beach Inc. and Turtle Beach Europe Ltd.), process the data collected when using the webshop as joint controllers within the meaning of Art. 26 GDPR. For this purpose, we have concluded a joint controllership agreement.


When you place an order with us on our website we will request certain information from you. This information is likely to include your name, email address, payment card details, billing address, shipping address and telephone number. This information will be used to process your order, arrange delivery of your order and correspond with you in relation to your order. Our legal basis for using your personal data in this way is to perform the contract we enter into with you and to execute the customer service in respect of your order (Art. 6 (1) (b) GDPR).


This personal data is required in order to place an order with us. If you do not provide this information, we may not be able to accept your order or fulfil your order.


If you buy a Turtle Beach or a Roccat product, we may also use your contact details to ask you if you would like to review the product that you purchased. You do not need to submit a review, but if you do, we may process the personal data that you provide in your review or in connection with your review to publish your review on our website. We will provide you with further information about how we may use your review and associated data when we contact you to ask you to provide a review. Our legal basis for this processing is your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time by editing or deleting your review.


If you sign up to receive e-mail marketing from us (note that the controller will only be Voyetra Turtle Beach, Inc.)


Our e-mail communications are not targeted at children. By opting in to receive e-mail marketing from us, you confirm that you are aged 18 or over.


When you sign up to receive e-mails from us we will collect your e-mail address for sending you information about our products, services, content and events. We or our authorized service provider will then use your e-mail address to send you e-mails with our latest new releases, deals, events, promotions, gaming articles and other promotional material and information about Turtle Beach or Roccat products. Our legal basis for processing your e-mail address for this purpose is your consent (Art. 6 (1) (a) GDPR). If you do not provide your e-mail address, we will not be able to send you the e-mails that you request. Your consent will remain valid even if you cancel your order, but it is always freely revocable if you click on the unsubscribe link in such marketing email or reply STOP to unsubscribe from our marketing texts. 


If you have signed up to receive communications using one of our websites, we will automatically record which Turtle Beach website you used to join our mailing list. We will use this information to ensure that our communications to you are in the same language as the website that you have used. Our legal basis for processing this information is our legitimate interest (Art. 6 (1) (f) GDPR) in ensuring that the communications we send you are in an appropriate language.


We also collect information about whether you open e-mails sent by us to evaluate the effectiveness of our communication, as well as the effectiveness of time and days of our communications. Our legal basis for this processing is our legitimate interest (Art. 6 (1) (f) GDPR) in evaluating the effectiveness of our communications and our marketing strategy.


Text Marketing and notifications


We are using a text messaging platform based in the operated by SMSBump, a Yotpo company which is US based Lafayette Street, New York, NY 10003, USA. It provides an app on the Shopify platform for marketing via text messaging. You will find SMSBump’s Privacy Policy and GDPR-related disclosures here: https://smsbump.com/page/privacy-policy. By opting-in for our text marketing and notifications during the ordering process , you agree with this data processing.


By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. You acknowledge that consent is not a condition for any purchase.


Your phone number, name and purchase information will be processed on the platform operated by SMSBump. Our data processor SMSBump will use your data sets only for sending you targeted marketing messages and notifications. Upon sending the text messages, your phone number will be passed to a text messages operator to fulfill their delivery. 


Voyetra Turtle Beach will have access to the data after your opt-in only in the following cases:

  • To respond to your reply messages to us or
  • To send you the text marketing messages.

Our legal basis for processing your personal data for these purposes is your consent (Art. 6 (1) lit a) GDPR) to the text marketing. Voyetra Turtle Beach has entered into EU Standard Contractual Clauses with SMSBump as the data exporter and takes appropriate measures to comply with the GDPR’s provisions for data transfers out of the EU. 


If you wish to unsubscribe from receiving text marketing messages and notifications reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.


If you unsubscribe, SMSBump will continue to store your phone number as required by law. Specifically, this means that SMSBump will then store your phone number on a separate list (blacklist) on its server to ensure that SMSBump no longer contacts this phone number for marketing purposes. SMSBump does not share this phone number. We have access to this list and can add or remove individual entries. The legal basis for this storage is our legitimate interest according to Article 6 Paragraph 1 lit. f DSGVO. As long as the phone number is stored there, you can easily log back in by sending an SMS with "UNSTOP" from this number. You can contact us at any time to have SMSBump delete your phone number from the blacklist. However, it will then no longer be possible to reply with "UNSTOP".


You can also contact us for more information. 

If you win a prize

From time to time we may engage third parties to conduct social media giveaways and prize promotions or similar activities. If you engage in such activities, the operator of the giveaway or promotion will generally be a data controller in respect of your personal data. If you win a prize and we are responsible for fulfilling your prize, the operator may pass certain personal data that you provided to them (such as your name, address and contact details) on to us so that we can give you your prize. We will only use such personal data to give you your prize but might not be able to do so if we do not receive the relevant information. Our legal basis for this use of your personal data is our legitimate interest (Art. 6 (1) (f) GDPR) in providing prizes to winners in these kinds of promotions.


As part of a social media giveaway or prize promotion, you may be asked to sign up to receive emails from us. Information about signing up to our mailing list is provided above.


When you enter a sweepstake


If you enter a sweepstake, we will process your personal data in connection with registration for participation in a sweepstake, the drawing of a winner, the notification of the winner, and the mailing of the prize. We will process the following categories of data: first and last name, address and e-mail address. The data processing is based on Art. 6 para. 1 lit. b) GDPR (the sweepstake agreement). The publication of the winner in advertising media and the transfer and use of such data for advertising purposes is based on Art. 6 para. 1 lit. a) GDPR (consent). The data will be stored by us until a winner has been determined and the prize has been successfully delivered. If you have consented to a transfer of the data for advertising purposes, the data will be stored by us for as long as the consent is valid.


If you register your product


If you buy a Turtle Beach or Roccat product, you can register the product with us. 


Product registration is carried out by submitting certain information on our applicable online form. This information is likely to include your name, email address, postal address, details about your product (such as the model, serial number, product platform) and information about your purchase (such as where you purchased the product and the date of purchase).


Product registration is optional. If you choose to register your product, we will use the information that you provided to assist you with technical support or dealing with problems with your product (such as administering warranty claims), if you request. Our legal basis for processing this information for these purposes is our legitimate interest (Art. 6 (1) (f) GDPR) in assisting you efficiently with issues relating to Turtle Beach and Roccat products where you have chosen to register your product with us. If you do not provide these personal data, we may not be able to assist you in these ways or it may be more difficult for us to do so.

If you contact us for technical support


If you contact us for technical support, we may collect certain information from you such as your name, email address, postal address, details about your product (such as the model, serial number, product platform), information about your purchase (such as where you purchased the product and the date of purchase) and other information you provide us in connection with your technical support request. We may also generate certain information such as records of the technical issues with your product and our correspondence with respect to your enquiry.


We use this personal data in order to assist you with technical support, to deal with problems with your product (such as administering warranty claims) and to respond to your enquiry. The legal basis for this processing is that it is in our legitimate interest (Art. 6 (1) (f) GDPR) to assist you efficiently with issues relating to Turtle Beach or Roccat products when you request. If you do not provide this personal data, we may not be able to assist you in these ways.


If you contact us in relation to other matters


If you contact us through our website or otherwise, you may provide personal data to us in the course of your correspondence with us. This may include your name, address, email address, other contact details and your opinions. We may also generate personal data about you in connection with the correspondence, such as correspondence records and opinions.


We may process this personal data to correspond with you, respond to your enquiry or address matters raised by your correspondence. We may not be able to do so if you do not provide this personal data. The legal basis for this processing is our legitimate interests in responding to or addressing your enquiry or otherwise communicating with you in the course of our business.


Cookies (controller only Voyetra Turtle Beach Inc.)


Our website uses cookies. These cookies collect information about how you use our website, your previous interactions with our website and technical data (such as your IP address, browser type and version, time zone setting and location). Further information about our use of cookies is set out in our Cookie Policy below. 

Other purposes of the data processing


In addition to the uses above, we may also process your personal data where required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.


We may also process personal data for purposes other than those for which the personal data was originally collected where permitted by applicable data protection laws. Where this is the case, we will provide you with information about that further processing.


Special categories of personal data


There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation. 


We do not intend to actively collect such special categories of personal data about you. Whilst we will use reasonable efforts to limit our holding of such data, please be aware that we may hold such data incidentally - for example, where you voluntarily send such special category data in an email to us.


3. With whom will we share your information?


We may share your personal data with a third party where this is required by law or where we have another legitimate interest (Art. 6 (1) (f) GDPR) in doing so.


We may also need to share your personal data with:

  • other entities within our group, namely Turtle Beach Germany GmbH as our representative, as part of our regular reporting activities, in the context of a business reorganisation or group restructuring exercise, for assistance in relation to marketing and business development or in connection with the operation of group-wide functions and services;
  • professional advisers, including lawyers, bankers, auditors and insurers to the extent such information is relevant to their performance of their services;
  • regulators and government bodies;
  • IT service providers (such as cloud services providers, IT consultants and software-as-a-service providers); and
  • any of our service providers where such information is relevant to their performance of such services.

Examples of who may process your personal data in different scenarios are set out below.

If you place an order through our website


Our website is currently operated by us and uses the Shopify online e-commerce platform. When you place an order, Shopify will process your payment details on our behalf. We neither store credit card details nor do we share financial details with any third parties. Please note that for purposes of processing your transaction for goods and services provided by us, we may share your name, physical and IP address with Shopify. You find Shopify’s Privacy Policy at https://www.shopify.com/legal/privacy. In addition, please note Shopify’s White Paper on its international data transfers (https://help.shopify.com/pdf/cross-border-whitepaper.pdf). As stated in this White Paper, Shopify’s global platform, Shopify International Ltd. (an Irish entity) may transfer EEA personal data to Shopify Inc. (a Canadian entity) that may then share such data sets with sub-processors in Canada and other countries, such as the United States. For these transfers Shopify does not rely on EU Standard Contractual Clauses. Instead, Shopify transfers the relevant data sets pursuant to the requirements of PIPEDA (the Canadian privacy law), which the European Commission has determined provides adequate data protection under the GDPR, and subject to specific contractual agreements. Please consult the mentioned White Paper that also includes FAQ and a diagram illustrating the flow of data of European residents, and how Shopify ensures protection for each step. Please also note that to the extent that you open your own account with Shopify, Shopify may act as its own independent data controller for your personal data and may use such data for other or additional purposes based on their Privacy Policy.


For its European customers Turtle Beach cooperates with Klarna Bank AB with its principal place of business at Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”) as a provider of solutions for checkouts, such as Klarna’s Shopping Solution. For instance, Klarna processes your personal data when you use one of Klarna's payment methods, log in to a merchant website connected with Klarna, or choose to pay by debit or credit card during the payment process in Klarna's checkout with a merchant. In all these cases Klarna acts as a separate and independent data controller and not as our data processor for the personal data it receives via the platform for these purposes. Klarna may also use these personal data in order to send newsletters, to conduct product surveys, to advertise similar products or services of Klarna and for event invitations, provided that Klarna has the right to do so pursuant to applicable laws. The services provided by Klarna are subject to separate Klarna privacy policies, prompted before the first use of such service that also list your rights under applicable laws. You find a list of the relevant Klarna privacy policies per country here: https://www.klarna.com/international/privacy-policy/. Also please note that Klarna Bank may set cookies for their site as you check out on a Klarna webpage.


When you place an order, we may share your name, physical and email address and order details (date, amount, product) with Signifyd for fraud prevention services. Signifyd is located at 99 Almaden Blvd., 4th floor, San Jose, CA 95113, USA (www.signifyd.com) and is responsible for performing its service as set forth in an agreement with us, as an independent controller and not as a processor, namely for the purposes of fraud identification, prevention, dispute and monitoring, and to analyze data for the purpose of building, maintaining and improving Signifyd’s predictive models and fraud-related services through Signifyd’s own AI model for the same purposes. We have Module 1 EU Standard Contractual Clauses with Signifyd (controller-to-controller) with UK and Swiss addenda with Signifyd in place. Signifyd has a separate legitimate interest to process these sets data as Signifyd is independently endorsing an order, and it is in Signifyd’s sole discretion to approve a transaction/provide a financial guarantee to us for the order amount. Signifyd has received and actively maintains SOC 2, Type 2 and PCI compliance certifications from an independent third-party auditor. Signify’s privacy policy is available here https://www.signifyd.com/privacy/.


The legal basis for this sharing of the mentioned personal data with Signifyd as an independent controller is that it is in our legitimate interest (Art. 6 (1) (f) GDPR) to discover fraud and to protect ourselves against fraudulent orders. The GDPR recognizes fraud identification, prevention, dispute and monitoring in Recitals 47 and 71 as legitimate interests that provide a legal basis for a controller to process personal data.


If you sign up to receive e-mail marketing from us (controller only Voyetra Turtle Beach, Inc.)


When you sign up for our e-mail communications, your personal data is processed by Klaviyo, an email service provider, with its corporate address at 125 Summer St, 6th floor, Boston MA 02110, United States. ( https://www.klaviyo.com/and its privacy policy at https://www.klaviyo.com/legal/privacy-policy). Klaviyo stores and administers your consent and acts as data processor on our behalf and processes your personal data on our instructions. We have enabled website tracking, so that Klaviyo identifies individuals that click through a Klaviyo email and browse our website. Klaviyo will not track anonymous browsers. If you have questions how your consent is processed, please contact at privacy@klaviyo.com. Klaviyo has implemented EU Standard Contractual Clauses and other appropriate measures to comply with the EU data transfer rules (Art. 46 GDPR). The European Commission has certified that the EU Standard Contractual Clauses, in addition with other measures to safeguard the data, provide an adequate level of protection in respect of personal data.


We may also share your personal data with third parties in the context of the possible sale or restructuring of our business. We may also need to share your personal data with a regulator or to otherwise comply with applicable law or judicial process or if we reasonably believe that disclosure is necessary to protection our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal inquiries.

4. Where your personal data may be processed


We are based in the USA (Voyetra Turtle Beach, Inc.) and in the UK (Turtle Beach Europe Ltd.). Your personal data may be held by us or our service providers in the USA or in the UK. Sometimes we may also transfer your personal data to other jurisdictions outside the European Economic Area (‘EEA’). For example, we may use cloud service providers who store personal data on servers in jurisdictions outside the EEA.


The European Commission has not finally determined that the laws of the USA and of the UK generally provide an adequate level of protection in respect of personal data. Other non-EEA jurisdictions may similarly not provide the same level of protection in respect of personal data as in the EEA. Where required by the GDPR, we will (or will require a processor to) put in place appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission. We also use EU Standard Contractual Clauses to protect your personal data that Turtle Beach Germany may share with Turtle Beach Europe after BREXIT.


5. Right to withdraw your consent


As indicated above, we rely on your consent as our legal basis to send you e-mail marketing. You have the right to withdraw your consent to this processing at any time.


To withdraw your consent where you have previously consented to direct marketing, you can unsubscribe from direct marketing communications from us by:

  • clicking the ‘unsubscribe’ link in any e-mail communication that we send you; or
  • contacting us using the contact details listed below.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose to which you originally consented unless we now have an alternative legal basis for doing so.

6. How long will we retain your information?


We will retain your personal data and other information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. For this we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


For example, we may retain the personal data we use for sending direct marketing email to you for so long as you subscribe to our e-mail mailing list. You can unsubscribe from direct marketing communications from us at any time as explained in Section 5 above. We may also remove such personal data in circumstances where you have not unsubscribed, such as where our e-mails to you are failing to deliver to your e-mail address or if you consistently do not open the e-mails that we send.


Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data or anonymize them in accordance with applicable laws and regulations. Alternatively, the information may be anonymised so that it can no longer be associated with you, in which case it is no longer personal data.


7. Your rights in relation to your personal data


To the extent your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights:


a) Right of access


You have the right to obtain a confirmation from us whether we process personal data concerning you , and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR for such data transfer.


b) Right of rectification


It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data which we process change during your relationship with us. 


c) Right to restriction of processing


You shall have the right to obtain from us restriction of processing where one of the following applies: 

  1. the accuracy of the personal data is contested by yourself, for a period enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
  4. You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds override those of the data subject.

Where the processing has been restricted, such personal data shall, with the exception of storage, will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of an EU Member State.


d) Right to erasure (‘right to be forgotten’)

You shall have the right to obtain from us the erasure of personal data concerning you. In this case, we have the obligation to erase your personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you withdraw consent on which the processing is based according to Art. 6 para.1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
  3. you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para 2 GDPR;
  4. the personal data have been unlawfully processed;
  5. the personal data must be erased for compliance with a legal obligation in the European Union, or
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8 para.1 GDPR.

The right to erasure shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by the European Union or for the performance of a task carried out in the public interest
  3. for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to make it impossible or seriously impede the attainment of the objectives of such processing, or
  4. for the establishment, exercise or defense of legal claims.

e) Notification regarding rectification or erasure of personal data or restriction of processing

We will communicate any rectification or erasure of personal data or restriction of processing carried to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. We will inform you about those recipients if you request it.


f) Right to data portability

You have the right to receive the personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: 

  1. the processing is based on consent pursuant to Art. 6 para 1 lit. a or Art. 6 para 1 lit. b or Art. 2 para 2 lit. a GDPR, or
  2. the processing is carried out by automated means.

The right shall not adversely affect the rights and freedoms of others.


In exercising your right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.


The exercise of this right shall be without prejudice to the right of erasure. That right shall not apply to any processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


g) Right to object

You shall have the right to object, at any time to processing of your personal data under the GDPR. We will no longer process the personal data, unless there are legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.


h) Right to revoke the declaration of consent

You have the right to revoke your data protection declaration of consent at any time. Your revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until your revocation.


i) Right of complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the European Member State where you reside, work or suspect an infringement if you believe that the processing of personal data concerning you is not in compliance with GDPR. 

8. Changes to this Privacy Notice and additional privacy notices


Our practices with respect to personal data may vary from time to time and we may update this Privacy Notice at any time. 

COOKIES POLICY


When you visit our website, we collect and process information about your usage of our websites (for example, the pages you visit and how you have navigated through our website) using cookies and other similar technologies. This helps us to provide you with a good experience when you browse our website. It also allows us to improve our site.


A cookie is a small file of letters and numbers that is stored on a user’s device. This Cookies Policy describes the cookies we use on our website and what they are used for.

The cookies that are not “strictly necessary” will not be pre-enabled and will only be placed if you opt-in (where required under applicable data privacy and electronic com-munications laws). These cookies can be removed at any time by using the OneTrust Cookie Management tool on the site. The tool allows you to block or modify all non-essential cookies. Strictly necessary cookies (cookies that are essential for the opera-tion of our website and for us to provide services requested by you) cannot be re-moved. They include, for example, cookies that enable you to log into certain areas of our website or enable products to be kept in your online basket.

 

The types of cookies we use are set out below.

I. STRICTLY NECESSARY COOKIES

We use so-called session or flash cookies on our website and in our application. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified the next time the website is accessed. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected with those technically necessary cookies is not used to determine the identity of the user or to create user profiles. The legal basis for the processing of personal data by means of technically necessary cookies is Art. 6 para. 1 lit. f) GDPR.  

Shopify: We use strictly necessary cookies to distinguish users who visit our website or opt in for our service and for the Shopify online e-commerce platform of Shopify Inc., 151 O’Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8, Canada so that our website runs smoothly. Please note the description on Shopify in our Privacy Policy.


II. ANALYTICAL COOKIES

If you access our services, your behavior can be statistically evaluated with the help of certain analytics tools for advertising and market research purposes or to improve our services by the use of cookies When using external service providers, we have appropriate contracts with the service providers in place so that the data processing complies with European data protection standards. The data processing via analytic cookies and the use of those analysis tools is based on your consent (Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time by changing the cookie-settings in the box at the top of this privacy policy. 

You can also manage or disable cookies at any time by adjusting your browser settings. Please refer to the settings menu of your browser for instructions on how to change your cookie preferences. If you choose to disable cookies, the Turtle Beach website may not function properly, and certain content may not be available. While browsers vary, the following links may be helpful:

(a) Cookie settings in Internet Explorer

(b) Cookie settings in Firefox

(c) Cookie settings in Chrome

(d) Cookie settings in Safari on Mac and Safari on iPhone, iPad, or iPod touch.

If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

1. Shopify

We also use the analytical and performance recognition services of Shopify Inc. For this purpose, Shopify uses analytical cookies. Please note our Privacy Policy for more de-tails on Shopify.


Shopify uses the following cookies:

Cookie NamePurposeDuration
landing_pageTrack landing pages.Persistent
_orig_referrerTrack landing pages.Persistent
_sShopify analytics.Persistent
_shopify_fsShopify analytics.Persistent
_shopify_sShopify analytics.Persistent
_shopify_sa_pShopify analytics relating to marketing & referrals.Persistent
_shopify_sa_tShopify analytics relating to marketing & referrals.Persistent
_shopify_uniqShopify analytics.Persistent
_shopify_visitShopify analytics.Persistent
_shopify_yShopify analytics.Persistent
_yShopify analytics.2 years
tracked_start_checkoutShopify analytics relating to checkout.24 hours

2. Google Analytics and Ads

Our website uses Google Analytics 4 and Google Ads, which are a web analysis services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses "cookies", which are text files placed on users' computers, to help the website analyze how users use the site. The information generated by the cookie about the use of the website by users is generally transferred to a Google server.


Google's use of advertising cookies with Google Ads enables it and its partners to serve ads to our users based on their visits to our sites and/or other sites on the Internet.

This processing of user data by Google Analytics 4 enables us to analyze the surfing behavior of our users. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness.

The IP anonymization is being performed by Google. Google Analytics 4 collects the IP address of website visitors or app users. In Google Analytics 4, Google states that IP addresses are used at collection time only to determine location information (country, city, latitude and longitude of city) and then discarded before data is logged in any data center or server. We do not define and send custom user properties, such as user-specific attributes or characteristics to Google. IP addresses can provide information about the general location of the user but are not considered directly identifying information on their own. Likewise, Google Analytics 4 captures the user agent string, which includes details about the device, browser, and operating system used by the visitor or user. User agent information can help analyze device specific usage patterns but is also not considered personally identifiable in most cases.

Google may collect the mentioned IP addresses through targeting cookies (see our list below) You can give and revoke your consent to the collection of these IP addresses at any time in the Privacy Preference Center accessible by clicking the “Customize Cookies”/ “Targeting Cookies” buttons herein. However, if you revoke your consent through the Privacy Preference Center, further use of the marketing functions will no longer be possible. You can also object to the processing of the IP addresses by Google described above at any time with effect for the future by using the deactivation add on for browsers from Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=en. Users may also opt out of personalized advertising by visiting Google’s Ads Settings: https://www.google.com/settings/ads. For more in-formation about how Google processes personal data see here: https://policies.google.com/.

We cannot exclude that Google also processes your IP address on servers outside the European Economic Area or UK. By concluding EU Standard Contractual Clauses and undertaking other measures, Google as the company receiving the IP addresses contractually guarantees an adequate level of data protection within the meaning of Article 44 et seq. GDPR. The legal basis for this processing outside the European Economic Area/UK in connection with the use of Google’s services is Art. 6 para. 1 lit. a) GDPR (your consent) and our legitimate marketing interest (Art. 6 para. 1 lit. f) GDPR).

Google uses the following cookies:

Cookie NamePurposeDuration
_gaThis cookie is set by Google Universal Analytics to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.2 years
_gidThis cookie is set by Google Universal Analytics to store and update a unique value for each page visited.30 seconds to 1 year
_gatThis cookie is set by Google Universal Analytics, limiting the collection of data on high traffic sites.10 minutes
test_cookieThis cookie is set by Doubleclick (Google) - Googles real time bidding advertising exchange.Persistent
_gat_UA-nnnnnnn-nnThis cookie is set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.Persistent
_gclxxxxA Google conversion tracking cookie used to help advertisers determine how many times users who click on their ads end up taking an action on their site, such as making a purchase.90 days
_dltThis cookie is set by Google’s real time bidding advertising exchange. This enables the website to receive data on visitor behavior for statistical purposes.Session
NIDThis cookie is set by Google to show Google ads in Google services for signed-out users.6 months
IDEThis cookie is set by Google to show Google ads on non-Google sites.13 months
_GRECAPTCHAThis cookie is used by Google’s reCAPTCHA system for the purpose of providing its risk analysis.6 months
_ar_v4This cookie is set by DoubleClick advertising service from Google to. track conversion rates for ads.Persistent

3. Youtube

Once you launch a YouTube video through the Website, a connection is established to the YouTube servers. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.


Furthermore, YouTube can store various cookies on your device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to the Website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your terminal device until you delete them. The information generated by a cookie about the use of the website by the user is usually transferred to a server of Google LLC in the USA and stored there. The legal basis for the processing outside the European Economic Area/UK in connection with the use of YouTube’s services is Art. 6 para. 1 lit. a GDPR. You can also revoke this consent at any time in the settings. However, if you revoke only your consent for processing outside the European Economic Area/UK, further use of the cookie functions will no longer be possible.


It is in our legitimate interest to create a Website that provides easily accessible and visually appealing video content, and to enable the processing that YouTube requires to provide such service to us. The legal basis for the processing of data based on this legitimate interest is Art. 6 para. 1 lit. f GDPR.


After the start of a YouTube video, it is possible that further data processing processes may be triggered, over which we have no influence. The use of YouTube is based on your consent to YouTube (e.g. consent to the storage of cookies), Art. 6 para. 1 lit. a GDPR. Further information about data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy?hl=en 


YouTube uses the following cookies:

Cookie NamePurposeDuration
VISITOR_INFO1_LIVEA cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old.8 months from set/update
PREFThis cookie stores your preferences and other information, in particular preferred language, how many search results you wish to be shown on your page, and whether or not you wish to have Google’s SafeSearch filter turned on.10 years from set/ update
use_hitboxThe use_hitbox cookie increments the ‘views’ counter on the YouTube video.At end of session
YSCThis cookie is set by the YouTube video service on pages with embedded YouTube video. It registers a unique ID to keep statistics of what videos from YouTube the user has seen.At end of session
YouTube GPS HTTP GPSRegisters a unique ID on mobile devices to enable tracking based on geographical GPS location.At end of session

4. Klaviyo

When you have registered for our newsletter, we use the e-mail marketing software of Klaviyo, Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, United States, (“Klaviyo”). Klaviyo uses tracking cookies for fulfilling their services which are disclosed here https://help.klaviyo.com/hc/en-us/articles/360034666712-About-Cookies-in-Klaviyo.

Cookie NamePurposeDuration
__kla_id

To track and identify site visitors through an auto-generated ID. This cookie can temporarily hold personally identifiable information. Once a visitor is identified, the cookie can pass their data into Klaviyo. A visitor can be identified when they:

  • Fill out a Klaviyo signup form
  • Click a link from a Klaviyo email.
Two years; cookies gathered while using the Safari web browser expire after seven days

The information generated by such a cookie is transferred to a server of Klaviyo in the USA and stored there. Klaviyo processes the personal data in the USA on the basis of EU Standard Contractual Clauses pursuant to Art. 46 para. 1, para. 2 lit. c) GDPR. For more information about how Klaviyo processes personal data see https://www.klaviyo.com/legal/privacy-policy and our Privacy Policy.


III. Advertisement Cookies

The legal basis for the setting of advertisement cookies and the associated processing of personal data is also Art. 6 para. 1 let. a) GDPR. You can also revoke this consent, which also includes an explicit consent for the transfer of the relevant personal data outside of the EEA (Art. 49 para. 1) let. a) GDPR) at any time by using the cookie setting tool on top of this Policy or by your browser setting, as described for the analytics cookies. However, if you revoke your consent for processing outside the European Economic Area/UK, further use of the marketing functions will no longer be possible. You can customize your device settings to control your Ad tracking at any time:

  • On Apple devices, you can enable "Limit Ad Tracking" in your device settings.
  • On Android devices, you can select "Opt out of Ads Personalization" in your device settings.

1. BingAds

Our website uses BingAds, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to provide you with advertisements that are relevant to you. The use of these technologies enables Microsoft and its partner sites to serve ads based on prior visits to our site or other sites on the internet.


The access data generated in this context may be transferred by Microsoft to a server in the USA for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles 44 et seq. GDPR.


Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by activating the following link: http://choice.microsoft.com/de-DE/opt-out. For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit Microsoft's website at https://privacy.microsoft.com/de-de/privacystatement.


BingAds uses the following cookies:

Cookie NamePurposeDuration
MUID, MC1, and MSFPCIdentifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics and other operational purposes.One year
ANONContains the ANID, a unique identifier derived from your Microsoft account, which is used for advertising, personalization, and operational purposes. It is also used to preserve your choice to opt out of interest-based advertising from Microsoft if you have chosen to associate the opt-out with your Microsoft account.One year
CCContains a country code as determined from your IP ad-dress.One year
PPAuth, MSPAuth, MSNRPSAuth, KievRPSAuthHelps to authenticate you when you sign in with your Microsoft account.One year
NAPContains an encrypted version of your country, postal code, age, gender, language and occupation, if known, based on your Microsoft account profile.One year
MHAppears on co-branded sites where Microsoft is partnering with an advertiser. This cookie identifies the advertiser, so the right ad is selected.One year
MRUsed to collect information for analytics purposes.One year
TOptOutRecords your decision not to receive interest-based advertising delivered by Microsoft.One year

2. Commission Junction (cj.com)

Our Website uses the services of Commission Junction, which is a service provider operated by Conversant Europe Ltd., Oxford House, London S W15, United Kingdom (“Commission Junction”). Commission Junction uses cookies and similar technologies to provide you with advertisements that are relevant to you. The use of these technologies enables Commission Junction and its partner sites to serve ads based on prior visits to our site or other sites on the internet. 


The access data generated in this context may be transferred by Commission Junction to a server in the USA for analysis and stored there. By concluding EU standard con-tract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Article 44 et seq. GDPR.


Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by activating the following link: www.networkadvertising.org/choices. For more information on data protection and the cookies used by Commission Junction, please visit Commission Junction’s website at https://www.conversantmedia.com/legal/privacy.


Commission Junction uses the following cookies:

Cookie NamePurposeDuration
CONTIDUsed to track the purchase of a product from another sites adsEnd of the transaction
_gaUsed to track the purchase of a product from another sites adsEnd of the transaction
_mkto_trkUsed to track the purchase of a product from another sites adsEnd of the transaction

3. NextRoll

Our Website uses the services of NextRoll, a service provided by NextRoll Ltd., Level 61, Burlington Plaza, Burlington Road, Dublin 4, Ireland (“Next Roll”). NextRoll uses cookies and similar technologies to provide you with advertisements that are relevant to you. The use of these technologies enables Next Roll and its partner sites to serve ads based on prior visits to our site or other sites on the internet.


The access data generated in this context may be transferred by NextRoll to a server in the USA for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles 44 et seq. GDPR.


Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by activating the following link: https://app.adroll.com/optout/safari#other. NextRoll also collects hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeted advertising using NextRoll. To opt-out from receiving cross-device site advertising (i.e. tracking a user across devices), you can do so by accessing your device setting or visiting and employing the controls described on the NAI’s Mobile Choices page. For more information on data protection, device tracking and the cookies used by Next Roll, please visit Next Roll’s website at https://www.nextroll.com/privacy


Next Roll uses the following cookies:

Cookie NamePurposeDuration
_adroll
adroll_v4
adroll_fpc
These cookies are used to record what you visited while on the store so that advertisements can be shared with you on other sites.One week

4. Facebook

We use marketing pixels from the service provider Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; “Facebook”) on our website. We implemented a code (pixel) for the service on our website. This pixel is a snippet of JavaScript code that loads a collection of functions that allows Facebook to track your user actions if you came to our website via Facebook ads. For example, if you purchase a product on our website, the pixel is triggered and stores your actions on our website in respective cookies. These tools enable Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. Facebook then deletes this data. The collected data is anonymous and cannot be viewed by us and is only used for advertising purposes. If you are a user of Facebook and are logged in to your account there, your visit to our website is automatically assigned to your Facebook user account.


The purpose of setting cookies is to send you interesting advertisements in connection with Turtle Beach on Facebook, if you are a customer there. We only want to show our services or products to people who are really interested in them. With the help of such a marketing pixel, our advertising measures can be better adjusted to your wishes and interests. For example, Facebook users (provided they have allowed the use of cookies required for personalized advertising) will see appropriate ads. In addition, Facebook uses the collected data for analysis purposes and their own advertisements.


For more information on the collection and use of the data by Facebook, as well as on your rights and possibilities for the protection of your privacy in this regard, please refer to the privacy notices of Facebook athttps://www.facebook.com/about/privacy/


Within the scope of the use of marketing pixels functions, the personal data contained in the cookies are transmitted to Facebook. It may happen that Facebook also process data on servers outside the European Economic Area/UK. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles. 44 et seq. GDPR. 


The cookies set by the integration of the Facebook marketing pixel are:

Cookie NamePurposeDuration
campaign_click_urlRecords the Facebook URL that an individual landed on after clicking on an ad promoting FacebookPersistent
frFacebook’s primary advertising cookie, used to deliver, measure, and improve the relevancy of ads.90 days
ooUsed to record advertising opt outs5 years
ddidUsed to open a specific loca-tion in an advertiser's app upon installation28 days

5. TikTok

TikTok (address: TikTok Inc., Attn: TikTok Legal Department 10100 Venice Blvd, Suite 401, Culver City, CA 90232, USA) is another social medial platform we connect with – similar to Facebook and Twitter. Through its cookies and pixels, TikTok links your contact or subscriber information with your activity on our platform across all your devices, using your email or other login or device information. A TikTok Pixel is a piece of code that allows advertisers to share website visitor events to TikTok via a browser and is meant to track ad performance. TikTok may use this information to display advertisements on the platform and elsewhere online and across your devices tailored to your interests, preferences, and characteristics. For instance, TikTok would know that you are in the market for buying a headset. The TikTok pixel collects information available via standard web browsers, like Chrome. This pixel will track the following user data for up to 13 months and it will be updated each time the pixel is activated again:

  • Ad/ Event information: Information about the ad a TikTok user has clicked or an event that was triggered.
  • Timestamp: Time that the pixel event sends. This information is used to determine when website actions took place, like when a page was viewed, when a product was purchased, etc.
  • IP Address: Used to determine the geographic location of an event.
  • User Agent: Used to determine the device make, model, operating system and browser information.

For more information, you find TikTok’s Privacy Policy here: https://www.tiktok.com/legal/privacy-policy?lang=en. More information on TikTok’s use of cookies and pixels is also available at https://www.tiktok.com/legal/cookie-policy?lang=en under “2. Categories of tracking technologies.” 

The access data generated in this context may be transferred by TikTok to a server outside the EU for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles 44 et seq. GDPR.

The TikTok cookies save visitor's conversion events related to an ad campaign. A session ID is generated on the advertiser’s site, which saves event information about a user's single visit to an advertiser's website, such as page views or conversions. This so-called match key works with cookies to improve measurement, attribution and targeting. Third-party cookies extend beyond individual sessions and collect campaign-related events across different sites and sessions. With these cookies switched on, TikTok will deliver ads more efficiently and can attribute events to the ads. 

There are two types of TikTok cookies:
  • First-party cookies are created and owned by your website via the TikTok Pixel. This type of cookie can be enabled to use with a pixel.
  • Third-party cookies are created and owned by TikTok via TikTok's server. This type of cookie will always be on for a pixel.

The TikTok Pixel enables the cookies listed below. TikTok uses the following 1st and 3rd party cookies:
Cookie NamePurposeDuration
_tt_enable-cookie (1st party cookie)Used to store tracking with cookie state13 months.
It is updated every time the TikTok Pixel is visited.
ttp (1st party cookie)Used to distinguish users13 months.
It is updated every time the TikTok Pixel is visited.
_ttp 3rd party- Domain .tiktok.comUsed to distinguish users.13 months.
It is updated every time the TikTok Pixel is visited.